Book Details

ISBN 13: 9781783982165

Paperback: 512 pages

Book Description

With breaches and attacks on critical infrastructure on the rise, system administrators and architects can use Kali Linux 2.0 to assess whether their infrastructure is secure: to find the known vulnerabilities in it and to harden it against those not yet known.

This practical cookbook-style guide is organised in three phases: information gathering, vulnerability assessment, and penetration testing, each applied to web applications and to wired and wireless networks. It is an ideal reference if you are looking for the solution to a specific problem or learning how to use a particular tool, with hands-on examples of the tools and scripts used for exploitation.

The final section covers further tools you can use during testing and shows how to write in-depth reports that management can act on. System engineers are given the steps needed to reproduce each issue and fix it.

Table of Contents

Chapter 1: Getting Started - Setting Up an Environment

Introduction

Installing Kali Linux on Cloud - Amazon AWS

Installing Kali Linux on Docker

Installing NetHunter on OnePlus One

Installing Kali Linux on a virtual machine

Customizing Kali Linux for faster package updates

Customizing Kali Linux for faster operations

Configuring remote connectivity services - HTTP, TFTP, and SSH

Configuring Nessus and Metasploit

Configuring third-party tools

Installing Docker on Kali Linux

Chapter 2: Network Information Gathering

Introduction

Discovering live servers over the network

Bypassing IDS/IPS/firewall

Discovering ports over the network

Using unicornscan for faster port scanning

Service fingerprinting

Determining the OS using nmap and xprobe2

Service enumeration

Open-source information gathering

Chapter 3: Network Vulnerability Assessment

Introduction

Using nmap for manual vulnerability assessment

Integrating nmap with Metasploit

Walkthrough of Metasploitable assessment with Metasploit

Vulnerability assessment with OpenVAS framework

Chapter 4: Network Exploitation

Introduction

Gathering information for credential cracking

Cracking FTP login using custom wordlist

Cracking SSH login using custom wordlist

Cracking HTTP logins using custom wordlist

Cracking MySQL and PostgreSQL login using custom wordlist

Cracking Cisco login using custom wordlist

Exploiting vulnerable services (Unix)

Exploiting vulnerable services (Windows)

Exploiting services using exploit-db scripts

Chapter 5: Web Application Information Gathering

Introduction

Setting up API keys for recon-ng

Using recon-ng for reconnaissance

Gathering information using theharvester

Using DNS protocol for information gathering

Web application firewall detection

HTTP and DNS load balancer detection

Discovering hidden files/directories using DirBuster

CMS and plugins detection using WhatWeb and p0f

Finding SSL cipher vulnerabilities

Chapter 6: Web Application Vulnerability Assessment

Introduction

Running vulnerable web applications in Docker

Using W3af for vulnerability assessment

Using Nikto for web server assessment

Using Skipfish for vulnerability assessment

Using Burp Proxy to intercept HTTP traffic

Using Burp Intruder for customized attack automation

Using Burp Sequencer to test the session randomness

Chapter 7: Web Application Exploitation

Introduction

Using Burp for active/passive scanning

Using sqlmap to find SQL Injection on the login page

Exploiting SQL Injection on URL parameters

Using Weevely for file upload vulnerability

Exploiting Shellshock using Burp

Using Metasploit to exploit Heartbleed

Using the FIMAP tool for file inclusion attacks (RFI/LFI)

Chapter 8: System and Password Exploitation

Introduction

Using local password-attack tools

Cracking password hashes

Using Social-Engineering Toolkit

Using BeEF for browser exploitation

Cracking NTLM hashes using rainbow tables

Chapter 9: Privilege Escalation and Exploitation

Introduction

Using WMIC to find privilege-escalation vulnerabilities

Sensitive-information gathering

Unquoted service-path exploitation

Service permission issues

Misconfigured software installations/insecure file permissions

Linux privilege escalation

Chapter 10: Wireless Exploitation

Introduction

Setting up a wireless network

Bypassing MAC address filtering

Sniffing network traffic

Cracking WEP encryption

Cracking WPA/WPA2 encryption

Cracking WPS

Denial-of-service attacks

What You Will Learn

Understand the importance of security assessments over merely setting up and managing systems/processes

Familiarize yourself with tools such as OpenVAS to locate system and network vulnerabilities

Discover multiple solutions to escalate privileges on a compromised machine

Identify security anomalies so you can secure and further strengthen your infrastructure

Acquire the skills to prevent infrastructure and application vulnerabilities

Exploit vulnerabilities that require a complex setup with the help of Metasploit

Authors

Ishan Girdhar

Ishan Girdhar is a senior pentester and DevSecOps engineer. With over 7 years of work experience, he has been deeply involved in building application security and bug bounty programs in his current and previous roles, helping businesses and organizations become more secure and aware. He is currently working with Southeast Asia's biggest ride-hailing platform, Grab. Previously, he has worked with organizations such as InMobi and one of the biggest Internet payment companies, PayPal. He holds bachelor's and master's degrees in computer science and has the MCP, CCNA, RHCE, and OSCP certifications. He has also delivered training on Red Hat Linux and on web application and network security.

He loves to share his work with the InfoSec and developer community through public speaking and open source projects. He loves to code in Python.

In his spare time, he prefers reading, scripting, tweeting (@ishangirdhar), and writing articles at his blog (www.securityninja.io), which aims at sharing knowledge and encouraging budding enthusiasts. You can check out some of his open source projects at github.com/ishangirdhar. He was a part of NullCon (Goa 2012, 2013, 2014, and 2015) and has been actively engaged in Null Meets (the Delhi, Bangalore, and Singapore chapters).

Dhruv Shah

Dhruv Shah is an information security consultant and security researcher. He started his career as an information security trainer and later moved to consulting. He has a great passion for security. He has been working in the security industry for nearly 7 years. Over this period, he has performed network security assessments, web application assessments, and mobile application assessments for various private and public organizations, as well as private sector banks.

He runs the security-geek.in website, a popular resource of security guides, cheat sheets, and walkthroughs for vulnerable machines from VulnHub. He holds a Master of Science in Information Technology (MSc IT) degree from Mumbai University. His certifications include CEH, CISE, and ECSA.

Outside of work, he can be found gaming on Steam, playing CS:GO and Rocket League.
